A critical security vulnerability, identified as CVE-2022-41757, has been discovered in the Arm Mali GPU Kernel Driver. This issue allows a non-privileged user to perform unauthorized writes to read-only memory, as well as potentially access memory that has already been freed. Because Arm Mali GPUs are used in many devices, this vulnerability poses a significant risk to device manufacturers and users alike.

Description

The flaw can be exploited by an attacker who has access to the device running the affected Arm Mali GPU Kernel Driver. By performing improper GPU processing operations, the attacker can gain write access to regions of memory designated as read-only, or access memory that has already been released (i.e., freed memory). This can result in unauthorized alterations of memory buffers, ultimately leading to crashes, data corruption, and potentially arbitrary code execution.

Consider the following code snippet as an example:

gpu_buffer = mali_gpu_alloc(1024); // Allocate a buffer of 1024 bytes on the GPU
mali_gpu_user = get_non_privileged_user(); // Retrieve a non-privileged user object
mali_gpu_exec(mali_gpu_user, gpu_buffer); // Run GPU operations as non-privileged user

mali_gpu_free(gpu_buffer); // The GPU buffer is now freed/released

// Here, the attacker can exploit the vulnerability to perform unauthorized writes or access the freed memory

Original References

1. Arm Developer: Technical Information - https://developer.arm.com/documentation/102187/0104
2. CVE Details: CVE-2022-41757 - https://www.cvedetails.com/cve/CVE-2022-41757
3. Arm Mali GPU Official Website - https://www.arm.com/products/graphics/mali-gpu

Exploit Details

At the moment, no public exploit code or tools are available for CVE-2022-41757. However, the wide adoption of Arm Mali GPU in mobile devices, automotive applications, and IoT devices increases the likelihood of active exploitation.

Mitigations

Device manufacturers and end users should urgently install the security updates provided by Arm or by their device manufacturer. Arm has already released updated versions of the affected drivers:

r39p users should update to r40p or later

In addition to updating the kernel driver, it is also essential for users to keep their software up to date, restrict access to untrusted software or applications, and employ security best practices for their devices to minimize the risk of this vulnerability being exploited.
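
To apply the update guidance above across an inventory, the following added example (not code from Arm or from this advisory) triages driver release strings against the r39p/r40p boundary stated here. The r<major>p<minor> string shape, the status labels, and the sample inventory are assumptions constructed for illustration.

```python
import re

# Assumed release naming: r<major>p<minor>, optionally followed by a build
# suffix such as "-01eac0". The samples below are constructed in this shape.
_RELEASE = re.compile(r"\br(\d+)p(\d+)\b")

FIXED_MAJOR = 40     # advisory text: "r39p users should update to r40p or later"
NAMED_AFFECTED = 39  # the only affected branch this advisory names


def parse_release(text):
    """Return (major, minor) from a driver version string, or None."""
    m = _RELEASE.search(text)
    return (int(m.group(1)), int(m.group(2))) if m else None


def triage(version_string):
    """Classify one driver version string against the advisory."""
    rel = parse_release(version_string)
    if rel is None:
        return "unparsed"        # needs manual inspection
    major, _minor = rel
    if major >= FIXED_MAJOR:
        return "fixed"
    if major == NAMED_AFFECTED:
        return "update"          # named by the advisory: move to r40p or later
    # Older branches are not named here; do not assume they are safe.
    return "check-advisory"


def triage_fleet(inventory):
    """Map each status to the sorted list of device names that have it."""
    report = {}
    for device, version in inventory.items():
        report.setdefault(triage(version), []).append(device)
    return {status: sorted(devs) for status, devs in report.items()}


# Constructed inventory: device name -> reported driver version string.
SAMPLE = {
    "tablet-a": "r39p0-01eac0",
    "phone-b": "Kernel DDK version r40p0-01eac0",
    "kiosk-c": "r38p1",
    "hud-d": "unknown",
    "phone-e": "r41p0-01eac0",
}

if __name__ == "__main__":
    for status, devices in triage_fleet(SAMPLE).items():
        print(f"{status}: {', '.join(devices)}")
```

Devices reported as "check-advisory" or "unparsed" should be verified against Arm's own documentation rather than treated as unaffected.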

Conclusion

CVE-2022-41757 is a severe vulnerability in the Arm Mali GPU Kernel Driver that, if exploited, can allow an attacker to perform unauthorized writes to read-only memory or access already freed memory. Device manufacturers and users should immediately apply the appropriate updates to their systems to prevent potential data corruption or arbitrary code execution.

By staying vigilant and keeping your software up to date, you can help protect your devices and data from this critical security vulnerability.

Timeline

Published on: 11/08/2022 15:15:00 UTC
Last modified on: 11/09/2022 17:21:00 UTC